How CodeSonar Licensing Works

JavaScript is not currently enabled, but is required for full CodeSonar manual search and browse functionality.

If you are viewing this file in your hub's Web GUI, enable JavaScript in your browser: you will also need it for GUI functionality.

If you opened this file directly from disk, your browser may be directly suppressing JavaScript functionality: certain browsers perform this suppression on local files (but not files delivered by web servers) for security reasons.

If you access the manual through the hub's Web GUI, the functionality will not be suppressed because the hub is a web server.
Alternatively, your browser may allow you to explicitly disable the security setting that suppresses functionality. See the CodeSonar FAQ for more information.

CodeSonar^® 9.2p0

CONFIDENTIAL

CodeSecure Inc

How CodeSonar Licensing Works

The CodeSonar hub enforces the limits set in the CodeSonar license key. You can use the CodeSonar Web GUI to review licensed limits on resources, inspect details of the current utilization of those resources, and instruct the hub to read a new or updated license key.

License Key Installation and Updates
Accepting the License
Licensed Resources
Getting Information About License Utilization
Licensed Behavior

License Key Installation and Updates

Information about setting up a CodeSonar license key is in section Installation: Hub Setup: Hub License Key. There is a separate section for floating license keys.

These instructions cover both initial license key setup and applying an updated license key (for example, because you have purchased an amendment to allow additional licensed resources).

To install or update a hub license key, you must be signed in as a user with the following permissions. The special Administrator user account will always be a suitable option, as will any other user that is assigned the special Administrator role.

Accepting the License Agreement

You must accept the license agreement before you can build/analyse projects or start a hub.

There are two options:

Run the license activation command
codesonar activate
CodeSonar will print the text of the license agreement and ask you to accept it.
Wait until you need to issue a build/analysis command or start a hub. Once you have issued the command, CodeSonar will print the text of the license agreement and ask you to accept it before proceeding.

In either case, if your window history is not long enough to scroll over the entire text of the license agreement, you can examine the agreement file at $CSONAR/EULA.txt.

Licensed Resources

Your CodeSonar license key may include limits on the following:

license charges
active users
concurrent analyses
anonymous sessions
user sessions

These resources, how they are counted, and how they can be recovered, are discussed below.

License Charges

The total number of license units available.

Each file that is analyzed incurs a charge against the license.

For source files, a license unit is a Line With Code.

Lines that contain only whitespace or only comments are not counted.
Each file basename (case-insensitive) is only counted once, even if
- there are multiple files with the same basename, or
- a file is analyzed multiple times, or
- a file occurs in more than one project.
If there are multiple file instances with the same basename, the instance with the most Lines With Code is counted. When several instances have the same Lines With Code, the oldest such instance is listed: we refer to this as the largest-oldest instance. Note that instance information will appear even if the instance is no longer present on the hub (for example, because the project or analysis it belonged to has been deleted).
If your build system generates randomly-named files each time it runs, each of these files will be counted separately. To avoid this, either disable the random naming behavior or use COMPILER_MODELS and DISABLED_COMPILERS configuration settings to work around it. If neither of these options are practical, there will be no good way for CodeSonar to accurately count lines and so a line-based license key will not be suitable for your needs: contact sales@codesecure.com to arrange an alternative license key model.
Standard library files and other third party code will be counted. The CodeSonar analysis cannot ignore these files, so the license key includes free "correction" lines to cover their line count contribution.
Files will be counted even if the project they belonged to has been deleted.

The following are some typical scenarios in which you may reach your license-charge limit.

If you are reaching your license-charge limit because you accidentally analyzed a project that you didn't intend to, or have another problem with the license-charge limit, contact CodeSecure support for assistance, appending the CSV version of the license utilization table (go to the License Utilization page and click the CSV link at top right, then save the file on your local system).
- If your project includes a large amount of third-party code and so you require additional free correction lines, please note which rows of the CSV file pertain to third-party code.
- If you accidentally analyzed a project that you didn't intend to, please note which rows of the CSV file pertain to that project.
If your compiler is generating randomly-named files and you cannot disable this behavior or adjust your CodeSonar settings to work around it, contact sales@codesecure.com to arrange an alternative license key model.
If you want to increase your license-charge limit, contact sales@codesecure.com to purchase additional license units.

Active Users

The total number of user accounts that can be active at one time. An active account is defined as one for which at least one of the associated roles has G_SIGN_IN permission.

Note in particular that the license key does not limit the number of user accounts that can be created, just the number that can be simultaneously active.

If you are reaching your limit for active users, you have two options.

Deactivate user accounts that are not needed. See Task: Activate or Deactivate A User Account for details.
Contact sales@codesecure.com to purchase a license key for additional active users.

Concurrent Analyses

The total number of analyses that may be running and sending their results to the hub at any one time.

A parallel analysis counts as one analysis, regardless of the number of slave processes.
Analysis processes that are communicating with the hub in daemon mode in order to service web requests are not counted against this limit.

If you are reaching your limit for concurrent analyses, contact sales@codesecure.com to purchase a license key for additional concurrent analyses.

Anonymous Sessions

The total number of anonymous sessions that can be connected to the hub at any one time.

When a user starts an anonymous session, the hub checks for an available licensed anonymous session slot.

If there is an available licensed anonymous session slot, it is allocated to the user until they end the session (for example, by signing into a user account, or by timing out).
Otherwise, the anonymous session will be an overflow session, with reduced functionality. A message specifying that the user is in an "overflow session" will be displayed above the GUI page footer.
If a licensed anonymous session slot subsequently becomes available, the user can claim it by visiting the hub sign-out URL http://hub_location/sign_out.html to end their anonymous session, then visiting any regular GUI page (such as the home page http://hub_location/) to start a new one.

If you are reaching your limit for anonymous sessions, you have two options.

Contact sales@codesecure.com to purchase a license key for additional active users.
Use the HTTP Session Timeout setting to specify the time period after which inactive anonymous (and other) sessions will time out and become available to other users.

User Sessions

The total number of user sessions that can be running on the hub at any one time.

When a user creates a user session, for example by signing in to the hub's web GUI, the hub checks for an available licensed user session slot.

If there is an available licensed user session slot, it is allocated to the user until they end the session (for example, by signing out or timing out).
Otherwise, the hub will attempt to determine if one of the user's existing sessions can be forcibly deleted. If a forced deletion candidate can be identified and deleted, its licensed user session slot is reassigned to the new session.
Otherwise, the user session will be an overflow session, with reduced functionality. A message specifying that the user is in an "overflow session" will be displayed above the GUI page footer.
If a licensed user session slot subsequently becomes available, the user can claim it by signing out and then signing back in to start a new user session.

If you are reaching your licensed limit for user sessions, you have two options.

Contact sales@codesecure.com to purchase a license key for additional user sessions.
Use the HTTP Session Timeout setting to specify the time period after which inactive sessions will time out and become available to other users.

Getting Information About License Utilization

Information about your license limits on resources, and your current utilization of those resources, is available in the CodeSonar Web GUI.

The License Utilization page contains full information about each licensed resource: the license limit, and details of the current utilization level.
The standard footer on all GUI pages names the licensee and provides a link to the License Utilization page.

Licensed Behavior

Some hub behavior is not available when there is no license key, or when there is a license key but certain license limits have been exhausted. We refer to these cases as corresponding to an unlicensed state.

A hub is considered to be in an unlicensed state if it does not have a valid license key, or if it has a valid license key but has reached its licensed limit for license charges or active users.
A user session on the hub is in an unlicensed state if the hub is in an unlicensed state, or if the hub is in a licensed state but the user signed in at a time when all licensed user session slots were already occupied.
An anonymous session on the hub in an unlicensed state if the hub is in an unlicensed state, or if the hub is in a licensed state but the user signed in at a time when all licensed anonymous session slots were already occupied.

License Restrictions: Running an Analysis

A new analysis cannot be started by any user if the hub is in an unlicensed state. Analyses that are already running will not be affected by changes in licensing status.

If the hub is in an unlicensed state but is at its licensed limit for concurrent analyses, a new analysis will be delayed until a licensed concurrent analysis slot opens up.

License Restrictions: Web GUI Sessions

When a user session or anonymous session is in an unlicensed state, the hub behaves as if the user does not have any of the following permissions for any resource, even if they would otherwise have those permissions through their assigned roles (for anonymous sessions, these are the roles for special user Anonymous).

In general terms, this means that the user will not be able to view or perform any operations on warnings, and will not be able to modify analysis information. For example:

All warning tables (for example, in Analysis: Warnings) will be empty.
Warning Reports will be unavailable.
Source listings will not show warning annotations.
Running warning processors will have no effect.

To report problems with this documentation, please visit https://support.codesecure.com/.